feature(keyringctl): add option to filter listing by trust
This commit is contained in:
Levente Polyak
@ -15,6 +15,7 @@ from .keyring import convert
|
||||
from .keyring import export
|
||||
from .keyring import inspect_keyring
|
||||
from .keyring import list_keyring
|
||||
from .types import TrustFilter
|
||||
from .util import absolute_path
|
||||
from .util import cwd
|
||||
from .verify import verify
|
||||
@ -81,6 +82,12 @@ list_parser = subcommands.add_parser(
|
||||
help="list the certificates in the keyring",
|
||||
)
|
||||
list_parser.add_argument("--main", action="store_true", help="List main signing keys instead of packager keys")
|
||||
list_parser.add_argument(
|
||||
"--trust",
|
||||
choices=[e.value for e in TrustFilter],
|
||||
default=TrustFilter.all.value,
|
||||
help="Filter the list based on trust",
|
||||
)
|
||||
list_parser.add_argument(
|
||||
"source",
|
||||
nargs="*",
|
||||
@ -180,10 +187,12 @@ def main() -> None: # noqa: ignore=C901
|
||||
target_dir=keyring_root.parent / "build",
|
||||
)
|
||||
elif "list" == args.subcommand:
|
||||
trust_filter = TrustFilter[args.trust]
|
||||
list_keyring(
|
||||
keyring_root=keyring_root,
|
||||
sources=args.source,
|
||||
main_keys=args.main,
|
||||
trust_filter=trust_filter,
|
||||
)
|
||||
elif "inspect" == args.subcommand:
|
||||
print(
|
||||
|
||||
@ -25,9 +25,11 @@ from .sequoia import packet_signature_creation_time
|
||||
from .sequoia import packet_split
|
||||
from .trust import certificate_trust
|
||||
from .trust import certificate_trust_from_paths
|
||||
from .trust import filter_by_trust
|
||||
from .trust import format_trust_label
|
||||
from .types import Fingerprint
|
||||
from .types import Trust
|
||||
from .types import TrustFilter
|
||||
from .types import Uid
|
||||
from .types import Username
|
||||
from .util import contains_fingerprint
|
||||
@ -1097,7 +1099,12 @@ def build(
|
||||
)
|
||||
|
||||
|
||||
def list_keyring(keyring_root: Path, sources: Optional[List[Path]] = None, main_keys: bool = False) -> None:
|
||||
def list_keyring(
|
||||
keyring_root: Path,
|
||||
sources: Optional[List[Path]] = None,
|
||||
main_keys: bool = False,
|
||||
trust_filter: TrustFilter = TrustFilter.all,
|
||||
) -> None:
|
||||
"""List certificates in the keyring
|
||||
|
||||
If sources contains directories, all certificate below them are considered.
|
||||
@ -1108,6 +1115,7 @@ def list_keyring(keyring_root: Path, sources: Optional[List[Path]] = None, main_
|
||||
sources: A list of username, fingerprint or directories from which to read PGP packet information
|
||||
(defaults to `keyring_root`)
|
||||
main_keys: List main keys instead of packager keys (defaults to False)
|
||||
trust_filter: Filter the listing based on trust
|
||||
"""
|
||||
|
||||
keyring_dir = keyring_root / ("main" if main_keys else "packager")
|
||||
@ -1130,6 +1138,8 @@ def list_keyring(keyring_root: Path, sources: Optional[List[Path]] = None, main_
|
||||
main_keys=get_fingerprints_from_paths([keyring_root / "main"]),
|
||||
all_fingerprints=get_fingerprints_from_paths([keyring_root]),
|
||||
)
|
||||
if not filter_by_trust(trust=trust, trust_filter=trust_filter):
|
||||
continue
|
||||
trust_label = format_trust_label(trust=trust)
|
||||
print(f"{username:<{username_length}} {certificate.name} {trust_label}")
|
||||
|
||||
|
||||
@ -10,6 +10,7 @@ from typing import Set
|
||||
from .types import Color
|
||||
from .types import Fingerprint
|
||||
from .types import Trust
|
||||
from .types import TrustFilter
|
||||
from .types import Uid
|
||||
from .util import contains_fingerprint
|
||||
from .util import get_cert_paths
|
||||
@ -236,3 +237,26 @@ def format_trust_label(trust: Trust) -> str:
|
||||
Text label representing the trust status as literal and icon with colors
|
||||
"""
|
||||
return f"{trust_color(trust).value}{trust_icon(trust)} {trust.name}{Color.RST.value}"
|
||||
|
||||
|
||||
def filter_by_trust(trust: Trust, trust_filter: TrustFilter) -> bool:
|
||||
"""Filters a trust by a given filter and returns true if within the rules
|
||||
|
||||
Parameters
|
||||
----------
|
||||
trust: Trust to check for being filtered
|
||||
trust_filter: Filter rules to check the trust against
|
||||
|
||||
Returns
|
||||
-------
|
||||
True if the given trust is within the filter rules
|
||||
"""
|
||||
trust_map = {
|
||||
TrustFilter.unknown: [Trust.unknown],
|
||||
TrustFilter.marginal: [Trust.marginal],
|
||||
TrustFilter.full: [Trust.full],
|
||||
TrustFilter.revoked: [Trust.revoked],
|
||||
TrustFilter.unrevoked: [Trust.unknown, Trust.marginal, Trust.full],
|
||||
TrustFilter.all: [Trust.revoked, Trust.unknown, Trust.marginal, Trust.full],
|
||||
}
|
||||
return trust in trust_map[trust_filter]
|
||||
|
||||
@ -17,6 +17,15 @@ class Trust(Enum):
|
||||
full = auto()
|
||||
|
||||
|
||||
class TrustFilter(Enum):
|
||||
unknown = "unknown"
|
||||
revoked = "revoked"
|
||||
marginal = "marginal"
|
||||
full = "full"
|
||||
unrevoked = "unrevoked"
|
||||
all = "all"
|
||||
|
||||
|
||||
TRUST_MAX_LENGTH: int = max([len(e.name) for e in Trust])
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user